If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Depends how you had auto update set up and when you disabled it. By default auto update downloads the updates for you, but does not apply them for you. THough you can change that in the settings in control panel.

I think that stop the damage, but I recommend reinstall the compromised PC (desconect the network first), install a firewall, patch the PC cross your fingers and pray...
Or better: save your data and install Linux or xxxBSD...

Originally posted here by TidaLphasE23 Grinler, If i have previously disabled Microsoft Auto Update, Am i still exposed
to this threat? All help appreciated.

Thanks TidaL.

Anyone feel free to correct me if I am wrong, but Windows Update doesn't really have anything to do with this worm - however, I'd advise against disabling Windows Update - ideally you are going to want to stay fully patched with updates as Microsoft releases them, using Windows Update. Microsoft has released a patch for this vulnerability and I would advise you strongly to apply it. The patch is available here: http://support.microsoft.com/?kbid=823980

The firewall on my network at work is receiving an extremely large amount of incoming traffic destined for port 135, but all traffic is being denied. As mentioned, port 135 should be blocked at your perimeter.

EDIT: There does appear to be a relation to Windows Update (in a way, I guess) - it seems that machines that are infected by this worm may try to flood the Windows Update site on the 16th of August...

its best to leave the autoupdate function on if u dont have the time to monitor and install updates all the time. u can set it to run automatically and that will save you the hassle butit might patch things that may cause other progams to not work well. so I dont recommend this if ur office uses software that is not the regular ones most people use as it woud be better if u tested the patches before applying them.

Originally posted here by r8devil I think the best solution would to reinstall the compromised system and make sure all the patches are applied, firewall is installed and configured correctly, anti virus is installed and updated.

I have to agree/disagree here - I don't think that this deserves a full format and reinstall of the system - this thing can be cleaned from what I am reading - I have to say what others have already said, format and reinstall may be overkill..

I do agree that a compromised system, once clean, must be fully patched, firewall properly configured, and AV up-to-date just as you stated. But let's not get overboard with the format and reinstalls.

Of course, we should always keep up with patches and such anyway as to try to prevent worms like this, but we all know that always up-to-date, fully patched systems on the Internet is a distant dream...